Case study: VASCO provides NautaDutilh with a secure remote access solution for its worldwide professional network
To ensure that its clients worldwide are provided with legal solutions that work both locally and globally, international law firm NautaDutilh partners with carefully selected leading law firms around the world. The firm is active in a wide range of sectors, providing services to companies and governments, with multidisciplinary teams working together to keep the sector expertise up-to-date and to pool and exchange knowledge. In this global network where flexibility and efficiency are key, employees need to be able to access the corporate network from any location, whether working from home, at a client’s office or while travelling around the world.
To protect sensitive or confidential information from being intercepted, NautaDutilh needed an effective solution that could be easily integrated within its existing IT infrastructure to guarantee safe and secure remote access for all its employees and suppliers. In order to deliver on the requirement, NautaDutilh opted for strong authentication delivered via a combination of VASCO’s VACMAN Controller – an API-based authentication platform that serves as a backend for DIGIPASS strong authentication and e-signatures – and VASCO’s DIGIPASS 300. The DIGIPASS 300 is a large-scale security device designed for managers and executives, as well as visually-impaired users, who need a bigger display. The password-protected DIGIPASS 300 Comfort offers professional organisations the freedom to build an extremely flexible security infrastructure that is easily accessible from the desktop by customers and employees at any given time. It also enables digital signatures for transactions.
VACMAN: SEAMLESS INTEGRATION WITH EXISTING REMOTE ACCESS SOLUTION
When NautaDutilh decided to secure its remote access application with strong two-factor authentication, the firm’s server was Novell-based. VASCO’s products seemed a logical choice, because they could provide seamless integration with Novell’s eDirectory. Furthermore, VACMAN is a simple and cost-effective solution that can elevate remote access security in any RADIUS and web environment by enforcing DIGIPASS strong authentication technology. Later, when NautaDutilh switched to a Microsoft platform, this did not cause any issues because VACMAN can be easily integrated in any IT infrastructure, so the transition to Active Directory went very smoothly.
ELIMINATING STATIC PASSWORDS WITH DIGIPASS 300
NautaDutilh uses a third party appliance from VMware to enable its employees to access web applications and virtual PCs. This third party appliance supports single logon for all available applications and services. The single logon screen also contains the token password. To protect the firm’s computer system from unauthorised access, the company’s staff use the DIGIPASS 300, a PIN-protected authentication device. The DIGIPASS 300 generates a one-time password, which has to be entered in the start screen, on top of the Active Directory User-ID password, thus enabling the firm to identify employees using remote access. Not only is the DIGIPASS 300 a user-friendly authenticator, it has an expected battery life of seven years, which makes it a reliable part of the company’s total security solution.
At NautaDutilh, the DIGIPASS 300 is used by approximately 400 employees. “The authenticators and the logon procedure were received very well,” says Joost van der Haar, IT Director at NautaDutilh. “We are now confident that only authorised users have access to our applications and confidential data.” DIGIPASS 300 does not require any additional software installation on the end-user’s computers, which makes it very easy to implement. “The logon procedure with the DIGIPASS is very simple, and the security benefits of working from home or while travelling are obvious,” adds Dirk Van Gerven, a partner at NautaDutilh since 1999. “It is very reassuring to know that no one can abuse your password.”
THE BENEFITS OF STRONG TWO-FACTOR AUTHENTICATION
The combination of VASCO’s VACMAN as a central platform and DIGIPASS 300 on the end-user side ensures a safe and user-friendly remote access. “No matter how strict the password policy is, static passwords remain the weakest link in the security chain,” continues Joost van der Haar. “Keeping in mind that safe internet traffic cannot be taken for granted these days, we consider a static password as insufficient to guarantee authorised access to the firm’s confidential data. A dynamic password gives hackers no opportunity to intercept and re-use the password, as it can be used only once and expires after a limited amount of time.”
Another benefit of VASCO’s strong two-factor authentication is the low total cost of ownership. Thanks to the average lifetime span of DIGIPASS 300, combined with the fact that VACMAN does not require replacement or a redesign of the existing remote access solution, and that no additional software must be installed on the end-user’s computer, the costs of implementing a secure authentication solution from VASCO remains very low.
The result is a cost-efficient, user-friendly, and most important of all, secure remote access solution. “Our employees have to type in their AD User-ID, their AD password and the PIN-code into their DIGIPASS, and use the generated one-time password to logon. The third party appliance we work with checks the computer remotely and gives access to certain applications, depending on the security status of the PC. For example, when a virus scan is not up to date, someone only gets access to Outlook Web Access, but when all requirements are met you get full access. The most important checks are for the virus scan and the firewall. This is essential and necessary, both PC and user who logs in have to be trusted,” concludes Joost van der Haar.